430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Rapid7 says source code, credentials accessed as a result of Codecov supply-chain attack

Rapid7 disclosed that unauthorized third-party had access to source code and customer data as result of Codecov supply chain attack. Cyber security vendor Rapid7 reveals it was impacted by the Codecov software supply chain attack, attackers had access to data for part of its customers and a small subset of its source code repositories for […]

MTTR

Rapid7 disclosed that unauthorized third-party had access to source code and customer data as result of Codecov supply chain attack.

Cyber security vendor Rapid7 reveals it was impacted by the Codecov software supply chain attack, attackers had access to data for part of its customers and a small subset of its source code repositories for internal tools.

In April, the software company Codecov disclosed a major security breach after a threat actor compromised its infrastructure to inject a credentials harvester code to one of its tools named Bash Uploader.

The threat actor gained periodic access to the Bash Uploader script making changes to add malicious code. The malicious code would allow the attacker to intercept uploads and scan and collect any sensitive information, including credentials, tokens, or keys.

Code coverage is one of the major metrics companies, it provides code testing solutions to a broad range of organizations, including Atlassian, P&G, GoDaddy, and the Washington Post.

The security breach took place on January 31, but it was discovered on April 1st by one of its customers.

Shortly after the disclosure of the Codecov supply chain attack, the company launched an internal investigation to determine the potential impact on its infrastructure. The experts discovered that:

  • A small subset of our source code repositories for internal tooling for our MDR service was accessed by an unauthorized party outside of Rapid7
  • These repositories contained some internal credentials, which have all been rotated, and alert-related data for a subset of our MDR customers
  • No other corporate systems or production environments were accessed, and no unauthorized changes to these repositories were made

The repositories accessed by third-party contained internal credentials and alert-related data for a subset of its MDR (managed detection and response) customers. In response to the breach, the company reset the impacted credentials.

“We will update this notice if we learn new information that changes the scope of the impact described here. If you are a customer and have any questions or need further information, please contact your Account Team or email codecov-inquiries@rapid7.com.” concludes Rapid7.

Please vote Security Affairs as Best Personal Blog
https://docs.google.com/forms/d/e/1FAIpQLSer_6yOZrL8OO6XjJ9yj3Mlq9LvuOakdTZN9ZmhkFCy1aQLdw/viewform

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, supply chain attack)

[adrotate banner=”5″]

[adrotate banner=”13″]